crypto: store CRLs in a set

ad234004 · Adrien Béraud · a88e6a4c · ad234004 · ad234004
Commit ad234004 authored 8 years ago by Adrien Béraud
--- a/include/opendht/crypto.h
+++ b/include/opendht/crypto.h
@@ -314,7 +314,7 @@ struct OPENDHT_PUBLIC Certificate {
    std::string print() const;

    void revoke(const PrivateKey&, const Certificate&);
-    std::vector<std::shared_ptr<RevocationList>> getRevocationLists() const { return revocation_lists; }
+    std::vector<std::shared_ptr<RevocationList>> getRevocationLists() const;
    void addRevocationList(RevocationList&&);
    void addRevocationList(std::shared_ptr<RevocationList>);

@@ -325,7 +325,7 @@ struct OPENDHT_PUBLIC Certificate {
 private:
    Certificate(const Certificate&) = delete;
    Certificate& operator=(const Certificate&) = delete;
-    std::vector<std::shared_ptr<RevocationList>> revocation_lists;
+    std::set<std::shared_ptr<RevocationList>> revocation_lists;
 };



--- a/src/crypto.cpp
+++ b/src/crypto.cpp
@@ -739,8 +739,8 @@ void
 Certificate::revoke(const PrivateKey& key, const Certificate& to_revoke)
 {
    if (revocation_lists.empty())
-        revocation_lists.emplace_back(std::make_shared<RevocationList>());
-    auto& list = *revocation_lists.back();
+        revocation_lists.emplace(std::make_shared<RevocationList>());
+    auto& list = *(*revocation_lists.begin());
    list.revoke(to_revoke);
    list.sign(key, *this);
 }
@@ -754,9 +754,11 @@ Certificate::addRevocationList(RevocationList&& list)
 void
 Certificate::addRevocationList(std::shared_ptr<RevocationList> list)
 {
+    if (revocation_lists.find(list) != revocation_lists.end())
+        return; // Already in the list
    if (not list->isSignedBy(*this))
        throw CryptoException("CRL is not signed by this certificate");
-    revocation_lists.emplace_back(std::move(list));
+    revocation_lists.emplace(std::move(list));
 }

 std::chrono::system_clock::time_point
@@ -869,6 +871,16 @@ Certificate::generate(const PrivateKey& key, const std::string& name, Identity c
    return ret;
 }

+std::vector<std::shared_ptr<RevocationList>>
+Certificate::getRevocationLists() const
+{
+    std::vector<std::shared_ptr<RevocationList>> ret;
+    ret.reserve(revocation_lists.size());
+    for (const auto& crl : revocation_lists)
+        ret.emplace_back(crl);
+    return ret;
+}
+
 RevocationList::RevocationList()
 {
    gnutls_x509_crl_init(&crl);